Van+ Oct Nov 2013 aw_Layout 1Platinum sponsor Gold sponsors Silver
sponsor
Evaluate Your Risks Now! Get a free cloud trial of cVidya’s
MoneyMap® Risk Management Solution!
Why MoneyMap Risk?
MoneyMap Risk is a SaaS-based comprehensive, end-to-end, carrier
grade decision support system for Revenue Assurance and Fraud.
Based on embedded risk methodologies, it enables planning,
forecasting and evaluating Revenue Protection practices.
Visit http://www.cvidya.com or send an e-mail to
[email protected] to submit your free trial
request.
Automated risk assessment process and mitigation planning Increased
leakage prevention rate through better identification of risk areas
Provides RA and FM forecasts of revenue loss, loss prevention and
revenue recovery
CONTENTS
18 TALKING HEADS: BUSINESS ASSURANCE CAN ACHIEVE MORE THAN THE SUM
OF ITS PARTS WeDo Technologies’ Raul Azevedo explains how the
previously distinct disciplines of revenue assurance and fraud
management are coming together to achieve a common goal of
detecting, mitigating and preventing situations in which CSPs are
losing or at risk of losing money
21 REVENUE & FRAUD FOR CSPS ANALYST REPORT Our specially
commissioned analyst report, authored by Dan Baker, research
director at Technology Research Institute
32 EXPERT OPINION Efrat Nissimov introduces the concept of
transformation assurance
34 REVENUE ASSURANCE Nick Booth explores how CSPs can handle the
multi-partner pressures they face
36 EXPERT OPINION Vic Bozzo and Michael Elling advocate that CSPs
play both defensive and offensive games
39 CASE STUDY Inside CSG International’s fraud preventing
international traffic management deployment at MTN South
Africa
40 EXPERT OPINION Paresh Shah raises concerns about security during
the migration from circuit-switched technology to all-IP LTE and
SDN networks
42 SECURITY Jonny Evans finds that CSPs aren’t paranoid, threats
truly are escalating
44 EXPERT OPINION Ashwin Chalapathy advocates a managed services
approach to alleviate the pressure CSPs face to manage with limited
resources
VanillaPlus Insight October/November 2013
1 8
TA L K I N G H E A D S
Raul Gomes Azevedo is product development director of WeDo
Technologies, the business assurance systems vendor. He also serves
as head of the TM Forum’s Fraud Group. Here he tells VanillaPlus
that the previously distinct disciplines of revenue assurance and
fraud management are coming together to achieve a common goal of
detecting, mitigating and preventing situations in which CSPs are
losing, or at risk of losing money. As margins are being crushed
and the pressure for cost optimisation and efficiency improvement
increases, it will become fundamental for CSPs to adopt this
broader concept, he explains
VanillaPlus: Gartner recently named WeDo Technologies as number one
provider of revenue assurance and fraud management. What were the
main drivers that allowed you
to reach this position?
Raul Azevedo: WeDo Technologies has been recognised as market share
leader in revenue assurance for some time and has been constantly
growing this market share. What is great about this most recent
achievement is that it’s a consequence of a very clear strategy to
address business assurance in an integrated way. Despite already
being very well established as a revenue assurance provider, WeDo
made a conscious decision some years ago to inject investment into
developing an entirely new integrated solution that also addresses
fraud management, creating a complete business assurance platform.
As a result, we can now also provide a complete fraud management
process to our customers, from detection through to investigation
and prevention, always focused on maximising both detection
performance as well as case resolution and
knowledge incorporation to improve the process. This, together with
a track record of transparency and solid financials, an ability to
combine business knowledge and technical knowhow, continuous
investment in research and development and excellence in project
delivery are clearly the drivers for this achievement.
Results of this positioning have been particularly evident at the
WeDo Technologies Worldwide User Group (WWUG), which has continued
to mature over the years and exceed our expectations in terms of
the audience it
Business assurance can achieve more than the sum of its parts for
CSPs
V
1 9
attracts. This year we were joined by clients and prospects from 62
CSPs in 45 different countries, all coming together to network and
openly share their experiences.
VP: Do you see revenue assurance and fraud management as two areas
working together for a common goal?
RA: It’s a clear trend for revenue assurance and fraud management
teams to work closely together and have a common line of report.
WeDo surveyed CSPs on this at the WWUG in 2011 and 2012. In
both years, around 70% of CSPs agreed or strongly agreed that this
was the case. Similarly, the TM Forum’s 2012 Fraud Management
survey found that 68% of respondents also have responsibilities in
the revenue assurance process.
2 0
knowledge of processes and systems. We often see suspicious
situations identified by revenue assurance teams being brought to
fraud management’s attention and vice-versa. Synergies continue
across infrastructure. Here, costs can be optimised by adopting a
common platform able to fulfill both teams’ data investigation,
reporting and case management needs, while covering the specifics
of each function at the same time. For example, reconciliation for
revenue assurance or timely fraud detection for fraud
management.
VP: You’ve talked about enterprise business assurance. Please can
you explain what you mean by this?
RA: In its essence, enterprise business assurance is all about
using systems to improve operational effectiveness and manage risk.
Revenue assurance is the element of this concept focused on revenue
streams, monitoring systems and processes, and reconciling data
with the goal of detecting revenue leakages. However, this is not
the only thing that needs to be addressed in business assurance.
Margins for example are a key element, but to assure margins we
have to work both on revenues and costs. Assets are another example
– both tangible, like handsets or other equipment, and intangible
like reputation. And shouldn’t a company also be concerned in
accomplishing its objectives? When we talk about enterprise
business assurance we aim to extend this concept beyond revenue
assurance or fraud management to other different control functions
and departments such as enterprise risk management, internal
auditing, compliance, security or management control.
VP: Why is business assurance so relevant for CSPs? Do you see it
as trend being adopted in organisations?
RA: Revenue assurance was a function that barely existed twelve
years ago. It is now a mandatory function for every mature CSP. And
while fraud management has been established for much longer, its
scope is continuing to broaden and become more sophisticated. The
value of having fraud management and revenue assurance working
together is clear, but it should also be integrated with security.
Particularly now we are migrating to all IP platforms like LTE. As
margins are being crushed and the pressure for cost optimisation
and efficiency improvement increases, it will become fundamental to
adopt this broader concept. It’s no coincidence that the TM Forum
currently manages disciplines like fraud management, revenue
assurance and enterprise risk management, among others, all under a
business assurance programme.
VP: How is WeDo Technologies prepared to deliver results that
address the challenges that you mentioned before?
RA: This year we have reached another milestone by launching RAID
7, the latest edition of our business assurance suite. This version
has been entirely redesigned to bring the added value of user
empowerment, mobility, enterprise collaboration and extended
support of advanced analytics and big data to the performance,
scalability and flexibility of older versions. With this new
product, we have the foundations to support business assurance at
an enterprise-wide level, fostering collaboration and maximising
cross-team efficiency in a common platform that is able to grow and
address other areas progressively, according to a CSP’s needs and
priorities. Other initiatives are also ongoing to utilise this
platform potential across the entire organisation. There will
inevitably be several challenges to surmount but we’re confident
that the hard work and focus that has made us the current market
share leader will help us accomplish our goal of achieving true
enterprise business assurance.
VP: You are the leader of the TM Forum’s Fraud Group. What are the
key areas of activity at the moment?
RA: The focus right now is to establish and evolve best practices
for the fraud management process that can support CSPs in their
continuous improvement of this discipline. The collaborative
environment of the TMForum is great for achieving this, bringing
together contributions from fraud management experts within CSPs
and solution providers as well as experts from other areas such as
data analytics, enterprise risk management and revenue assurance to
name a few.
In two years we have already been able to deliver a lot of
material. One particularly interesting concept is the Fraud
Classification Model (FCM;) the first formal model based on the
core concept of splitting the vulnerability exploited to commit
fraud, the fraud enabler, from the fraud objective itself, the
fraud type. This is intrinsic to having a trustworthy and
actionable case history repository, or to extract value from
surveys or benchmarks. This will ultimately enable CSPs to avoid
situations where multiple frauds are committed in the same case,
but no formal model exists to address it. The model has received a
good reception from the industry and the concept is already being
widely adopted. FCM is also the foundation for the Metrics and
Performance Indicators system defined and published by the TM
Forum. This system provides CSPs with a comprehensive set of
metrics and KPIs for measuring process effectiveness, efficiency
loss analysis, loss analysis and more.
Currently, the TM Forum Fraud Group is working on the Fraud
Management Maturity Model; a valuable tool that will allow CSPs to
assess the maturity of their own processes and ultimately define a
roadmap for improvement.
The focus right now is to establish and
evolve best practices for the fraud
management process that can
improvement of this discipline
TA L K I N G H E A D S
Raul Gomes Azevedo
2 1
was both pleased and puzzled when VanillaPlus asked me to write
this analyst report on the state of revenue assurance and fraud
management (RA/FM). I loved the idea that I had plenty of material
to
draw on, having interviewed several dozen CSP and vendor experts in
the assurance community over the past couple years. Yet I was also
puzzled over this task – puzzled because I know how hard it is to
nail down a field like assurance that’s so fluid and dynamic. In
the assurance market, permanence is a word of degrees. RA, FM and
the many other assurance functions live in a kind of no man’s land
that’s outside of – but in direct contact with – a CSP’s operations
teams in billing and network operations
If all goes well, whenever assurance experts innovate and create
something of value, those techniques and systems are eventually
adopted by operations to streamline the ordering process, block a
malicious hacker, educate the provisioning team, or fine tune the
billing software.
I think we can honestly say, then, that the best assurance teams
are those who successfully work themselves out of a job – but are
constantly finding new places to help their organisations become
more efficient and profitable.
In this report, I’m going to walk you through several of the
important trends I’ve gathered from my conversations with RA and FM
experts. I’ve accompanied this text with tables that group the many
assurance functions so you can see the breadth of coverage.
Finally, I’ve compiled a table of assurance trends and strategic
directions as additional food for thought.
Revenue assurance: It’s more than finding revenue leaks Revenue
assurance is the operational auditor of ordering, billing, and
provisioning flows. RA looks for
errors in: faulty systems, software, and processes in a thousand
varieties.
Now somewhere along the way, the mission of RA got sidetracked as
reports that floated on the web quoted outlandish – and laughable –
revenue leakage recovery rates in the order of 10% or even 15% of
revenue. Those days of unbridled hype are behind us. Thomas
Steagall, head of the Risk Management Consulting at Ericsson whose
team has helped numerous CSPs in this area puts the revenue
recovery target at the far more realistic rate of 3% or less.
This makes eminent sense. Over time, a CSP fixes the revenue leaks
it found last year, so sooner or later RA can no longer capture the
same low- hanging fruit it found in the previous year.
In truth, revenue is only one measure of assurance value. Service
profit, customer experience and optimal network usage are other,
equally important measures of value and places to measure leakage –
but the leakage is of a different order, measured in less customer
churn and more people recommending you on Twitter.
Introduction
I
The author, Dan Baker, is research director at Technology Research
Institute
2 2
Focus of Excellence
Business Process Expertise of Assurance Staff
In-House vs. Outsourcing
Data & Application Types
Sales Compensation
Traditional Focus
Tackle all known areas of RA and Fraud risk with little context to
wider business risks
Special purpose data marts are adequate with sampled data
Each department focuses on improving the problems in its vertical
silo.
Offer broad service offering. Widely advertise and market to poach
rivals' customers. Acquire competitors at huge cost.
Offer narrow service offering using niche ads and guerilla
marketing to gain awareness.
Revenue leakage that's easy to put a monetary value on, such as
under-billing.
Technical expertise is critical aspect of BA function.
Best of breed software solution brings much of the expertise.
Largely in-house software and assurance managed by internal
experts.
Relational Databases and formal applications.
Data source, reconcilations, and reports are configured for the
Assurance Department.
Mediated CDR/EDR usage streams.
Little crossover between business assurance and analytics
platforms. BA platforms serve the RA, fraud and cost management
functions.
Sales compensation plans exist, but they lack flexibility and often
don't dovetail with larger business goals.
Future Trend
Attack a wide variety of operational problems based on evaluating
the risk impact on the business.
Huge volumes can be managed using big data platforms. And you can
now examine the invaluable outliers.
Greater focus on end-to-end horizontal processes as business drives
to excel in narrower mission critical services/products.
Deliver such a high quality experience that reason to churn goes
away. Broad and complex service portfolio make assurance a mission
critlcal function.
Attempt to pick off the bottom 25% of subscribers and service them
profitably. The need to reduce costs ups the need for superior
assurance.
Leakage that's hard to put a monetary value on, such as assuring
the network to deliver a superior customer experience.
Growing software sophistication requires less technical
experts.
Software grows hand-in-hand with analyst expertise. Train internal
experts via visits from external consultants.
Firms that lack resident experts will outsource staffing to manage
software and/or run assurance operations.
Also unstructured, machine data with shrink-wrapped search.
Increasingly, analysts will tailor the assurance methods and output
to their own personal needs and device of their choice.
Many new sources: DPI, handset-resident data, Radio Access Network,
even social media.
The broader organisation utilises the BA platform. New analytics
apps for finance & marketing get real by layering use cases on
top of platform.
Gross margin-based compensation plans ensure sales incentives synch
with business objectives. Business assurance programs gain greater
funding automatically.
BUSINESS ASSURANCE
2 3
So direct revenue is only one aspect of the assurance mission. The
best measure of RA success is a business one – long-term business
profitability because the good customers stay with you for many
years and recommend you to their friends.
Above all, what CSPs need in the new era is a kind of predictive
assurance that uncovers problems early in the service delivery
cycle and enables a CSP to avoid the downstream costs of incorrect
bills or truck rolls that didn't have to happen.
The rise of business assurance A useful way of thinking about
assurance is in terms of business rules and policies.
The billing rates, usage limits and implicit or explicit quality of
service targets a CSP sets for its customers are nothing more than
internal rules or policies it establishes as terms of doing
business.
So looking at revenue assurance more broadly, there are a great
many operational activities to check. So the question: Did our VIP
customers get that superior standard of customer experience we
wanted them to get? becomes just as valid as: Did we accurately
translate rating rules to the invoice?
The quality of an order affects not only revenue but customer
satisfaction. If one piece of a complex order drops through the
system, then the customer calls back to complain: "You told me this
was part of the package, but I'm not getting it."
So as we go forward, the term business assurance becomes a much
better description of what assurance experts will do. It’s not as
if RA folks will abandon switch-to-bill reconciliations. They
won’t, but savvy assurance teams will certainly keep an eye on
risks from a wider business point of view.
For instance, if a mid-sized CSP is facing a 2% rise in its
interest rate of borrowing, it could go out of business if it
doesn’t find an alternative source of capital. In a case like that,
it might be more prudent to temporarily reduce spending on
assurance till the financial crisis is over.
The new focus will be to scan for assurance problems across the
entire company. And this trend serves assurance experts well
because they need lots of contact with other areas of the company
anyway. We can fully expect that the software
platform that serves RA/FM will provide views and analytics for a
wider number of people.
The demand for highly-skilled business assurance experts In the era
of big data and bring-your-own-data, it’s no surprise that the
technical side of assurance is getting easier.
Today you can crunch out a big analysis with tons of data in a very
short time, so the frequency and scope of audits can depend more on
the risks at stake. If there’s something that’s seriously wrong in
any area, you can put your highest-skilled person on that
issue.
This greater flexibility and analytics power has got Eric
Priezkalns, editor of the talkRA blogging site, excited about the
future of RA. “When you relieve the RA department of the everyday
task of monitoring, it can take on a more strategic role,”
Priezkalns says. “You can start asking key questions like: How did
things go wrong in our business? And where should we be putting our
emphasis to improve? In that world, the emphasis shifts away from
looking at data sets to improving the business.”
And yet there’s a problem. Not enough investment is being made by
CSPs and solution vendors to upgrade the knowledge of assurance
experts. Without that knowledge, how can they expect them to take
on broader responsibilities and analyse business operations on a
larger scale?
Now in some markets like the Middle East, CSPs often lack a
home-grown RA expertise, so it’s common for those CSPs to outsource
day-to-day business assurance operations to a software provider.
While hiring outsourcers has its advantages, assurance is certainly
a core competency that deserves to eventually be brought back
in-house by virtually every CSP.
What’s more, every assurance vendor also has a vested stake in
seeing the professionalism of the assurance function grow. An
upskilled CSP employee can drive increased demand for software from
within the CSP in ways that a less-skilled dashboard user never
can.
In North America, it’s common practice for small to medium size
CSPs to hire consultants to periodically come in and refresh
internal knowledge and systems, especially at CSPs where RA is not
a full-time job.
2 4
Likewise, the UK office of PricewaterhouseCoopers has its RA
experts mentor the revenue assurance managers of its CSP customers.
It’s a two phase approach: in phase one, the manager-in-training
watches how the PwC expert manages the assurance function. In phase
two, the manager takes the reins as the PwC consultant steps aside
and merely offers advice and answers questions.
In short, getting consultants involved seems like a splendid way to
keep assurance expertise alive and constantly improving.
Aligning assurance with the business While revenue assurance is
about auditing and improving operations, to get the job done RA
experts need to successfully sell their programme to upper
management and convince them that assurance is a high priority
activity.
That’s not an easy task – especially if the business itself gets in
the way. For example, a CSP’s method of compensating salespeople is
often at odds with the larger mission of securing profitable
contracts.
Say two salespeople are going after network business from an
international enterprise. If the Paris salesperson is
incentivised
on traffic originating in Europe, and the Tokyo rep is rewarded
only for AsiaPac-originated traffic, guess what happens? Each sales
rep pushes for the maximum amount of outgoing traffic from their
region with little regard to whether the CSP is actually making
money on the deal.
But what if the gross margin of the deal were the gating factor for
sales compensation? If that were the case, you’d find the needle
would almost effortlessly move in the right direction: the European
and AsiaPac salespeople would work together to maximise the overall
gross margin.
And if the right kind of sales incentives are set by the business,
RA can also move its mountain much more easily. When a sales guy
complains that his gross margin is terrible, the RA pro can turn
around and say, “I’ve got three things we’ve been trying to do that
will pump the gross margin up another 10 to 15 points.” Suddenly an
adversarial relationship is replaced with a collaborative
partnership: the sales guy becomes an advocate and goes to bat for
RA.
Revenue assurance’s proper role as a supporter of the business is
reinforced too. Rather than boiling the ocean and trying to be
efficient everywhere, RA’s energy is channeled toward the
niche
Area or Problem Space
Customers to Assure
RA Maturity Dimensions
Enterprise billing
Traditional Focus
Relatively simple bills with bundled services to verify rating and
usage.
Prepaid and charging require an inordinate amount of revenue
assurance due to multiple platforms on the backend.
Order-to-Provision & Bill-to-Cash
1) Data Completeness & Accuracy 2) Rating Excellence
RA departments play limited role in enterprise business due to
complexity of custom contracts and subaccount hierarchies.
Future Trend
Complex mobile data plans with usage limits, shared family plans.
Onus moves to optmise prices for specific lifestyle plans.
Market adopts centrally managed, but distributed charging systems.
Hybrid model allows postpaid subs to pay for certain
content/services on the fly.
End-to-end processes that assure the customer experience in niches
the business chooses to be excellent in.
VIPs across Enterprise, Consumer and Partner Markets (including
group and hierarchical accounts).
3) Margin Analysis 4) Cash Flow /Dispute Management 5) VIP Customer
Synchronisation
Expanding enterprise portfolio in wireless, cloud and IT
outsourcing will require assurance monitoring, particularly to
mid-sized enterprises.
REVENUE ASSURANCE
2 5
services the business is aiming to become excellent in.
Ed Shanahan, former head of RA at TMNG, puts it very well: “I think
the approach that gets it most right is the one that looks at the
business as a horizontal flow of activities and data. That approach
forces you to have a cohesive look at running particular business
processes and services end-to-end.”
RA maturity: Why customer responsiveness is key While the focus
needs to be on horizontal services and processes, it still pays for
revenue assurance teams to look more broadly at their internal
progress.
For that purpose, Mark Yelland of the RAAIIM consultancy in London
has developed a nifty grid for getting a quick read on RA maturity
(see the diagram below).
Yelland believes CSPs have made quite a bit of progress in the
first four dimensions, and figures they will begin to expend a lot
of time and effort on dimension 5: customer responsiveness. Now a
CSP can’t afford to be responsive to all customers, so this is
where VIPs of all varieties – and especially enterprise customers –
loom large. Yet here’s the surprising thing: CSPs
today are not very good at assuring the processes and systems that
support enterprise customers.
This presents a major opportunity because serving up enterprise
clouds and data centres is big growth market for CSPs. Yet nearly
every major deal a CSP makes with large enterprise customers is
negotiated as a custom deal.
Many of the deals require a unique product catalogue and pretty
complex account hierarchies. There’s inevitably some special
pricing, such as multi-year or multi-location discounts.
Jim Dunlap, president of Cycle30, gives a good snapshot of the
coming complexity: “A state government we serve got highly creative
recently. They said, guess what, we want you to offer state
employees a discount for wireless voice and data services. We want
that to be under our state plan, but you need to send each employee
their own bill to pay. Oh, and be sure to quantify for them how
much they are saving because they ordered their wireless as part of
our state employee plan.”
You can bet that enterprise VIPs are super important to track as
well. After all, you don’t ever want to cut off the state
treasurer’s account because her husband forgot to pay their
cellular bill.
The revenue assurance of wholesale and carrier management The
telecoms wholesale market reached US$170 billion in 2012.
That’s an astounding amount of money. But whether the wholesale –
or inter-carrier/partner trading – market actually grows or
declines is of little consequence. The fact is that carriers are
highly reliant on wholesale partners for the same reason that
international trade contributes to the efficiency of a country’s
internal economy.
One thing’s for sure: as wholesale prices fluctuate and thousands
of new tariff documents are transmitted daily, adjustments need to
be made, new partnerships must be formed, and old partners
disconnected so carriers can maintain healthy margins.
In the future, you can bet that trading IP content services across
multiple partners and many pricing models will cause far more
assurance headaches than tracking circuit voice call minutes.
Dimension Description Key Question
1 Source Data Is all the information needed for Completeness
billing getting there? Is it accurate?
2 Rating Accuracy Are we charging correctly for the network usage,
content, tariffs, taxes, promotions and discounts?
3 Margin Are the prices and usage limits we Assurance set for our
complex bundles of services actually making money for us?
4 Optimum Cash Have we delivered the services, Flow billed them
correctly and resolved disputes in time to ensure we are
expeditiously paid?
5 Customer Are our systems fine tuned to Responsiveness meet our
commitments with VIPs in all spheres: enterprises,
wholesale/content partners, and consumers?
The Five Dimensions of Revenue Assurance Maturity
2 6
Any way you look at it, wholesale systems are headed for more
transactions, more settlements, more routing, more QoS – and above
all, more complexity. And that means there’s a big need to automate
and assure revenue.
The data integrity challenge of wholesale trading To understand how
tough the data integrity problems are in wholesale, consider how an
e-commerce firm manages its transactions by comparison. When Amazon
sells a book, it’s a one-and-done deal. The book is shipped by a
distributor and there’s a clear chain of custody. If it’s a Kindle
e-book, that transaction is also neat, clean and managed on a
single database.
Wholesale is a very different game because the information is
widely scattered. The interconnect billing guys maintain their own
database, least cost routing instructions need to be sent to
engineering for translation, and the business traders work off
their own data stack. And underlying it all are big volumes –
millions of bills, price lists and agreements being exchanged each
month. In India and China, that’s millions of transactions per
day.
Here’s briefly how wholesale works. Telecom Italia has 300-odd
partners around the globe. When it wants to buy certain network
destinations in New Zealand, it works with Telecom New Zealand.
Once an agreement is signed and the initial pricing and
destinations are set, the term of that agreement is seven days,
after which the latest price list determines the terms of
trade.
But it's not that simple. Often an amended agreement will add or
subtract destinations. Certain clauses in the contract may also be
revised to prevent prices from being changed too often.
Figuring out the actual traffic destinations often requires an
overlay numbering system. For instance, the city of London has
several destinations: London Landline, London Wireless, London
North, and London South, and London Government. So the language in
the contract must be further defined to the make the wholesale
contract precise.
In recent years, the majority of large CSPs around the globe have
rallied around iXLink, a de facto and carrier-neutral business
exchange developed and managed by Telarix. This is a revenue
assurance boon to wholesale because the exchange validates data
coming in, normalises that data, and removes the errors that always
come when human hands touch lots of data.
The future complexity of wholesale The experts of the business are
supremely confident that wholesale’s best days are ahead of them.
Imagine what happens the day, they say, when Google, Facebook,
Baidu, and other Over The Top (OTT) players move into the wholesale
mix.
One thing is clear: content is finding its way in the wholesale
channel in a big way. Demand for demographic-related and
language-specific content is growing. For instance, a huge amount
of Spanish content is being wholesaled today and people are
figuring out how to economically host and store video in the
cloud.
The future also bodes well for lots of ad hoc exchanges. You’re
sitting in Leonardo Da Vinci Airport and you get an offer from
Telecom Italia to surf on their Wi-Fi network for 30 minutes, but
the billing will be handled by a peer-to-peer arrangement or
settlement between Orange, your home operator, and Telecom Italia,
so you pay no extra fee for that Wi-Fi access.
Area or Problem Space
Traditional Focus
Verify invoices, dispute charges, negotiate for the best
rates.
Interconnect billing, least cost routing, cost audit and trading
functions are managed as separate system silos.
Future Trend
Greater coordination of engineering, finance and the business to
profitably exploit all traffic options: peering, LCR and network
build.
Greater integation is coming. Increasingly, wholesale trades and
partnering decisions will be driven off a single integrated data
mart that promotes strong coordination within the CSP team.
CARRIER/PARTNER ASSURANCE
2 7
Fraud management Fraud threats in the circuit switched world of
only 15 years ago were relatively tame. Phone hackers stealing
voice minutes were a minor annoyance. The biggest threat was
probably on the credit side: a seemingly promising startup business
racked up 30 to 60 days of charges then skipped town before paying
the bill.
But those sleepy days of small town fraud are gone forever. Today,
the fraudsters have long since packed their smartphones, routers,
and fake IDs for the big city.
Threats are exploding, in part, because today’s communications
world is a candy store for the fraudster – so many mouth-watering
opportunities to steal a fortune: errant SIM cards, on-line banking
accounts, mobile banking, and hacking into a VPN when an employee
logs on at Starbucks.
The IP network is a chameleon – good at camouflage and identity
spoofing in part because control is widely dispersed. Your traffic
might pass 50 IP nodes from London to Rome. And at any point,
someone can sniff your traffic, intercept it, and pretend they are
the destination.
Here’s a quick rundown on a few of the biggest threats: • IP-PBX
hacking – The security of IP-PBXs is very slim and hackers are
breaking into PBXs morning and night. If PBX hacking goes
undetected over a weekend, it could spell
tens of thousands of dollars in lost revenue. The CFCA estimates
that PBX hacking costs CSPs about US$4.6 billion annually.
• Subscription fraud is a major concern as customer IDs are being
stolen. People can’t seem shake the bad habit of storing passwords
in the clear on their smartphones, tablets, and PCs. Couple that
with the fact that it’s easy for fraudsters to give their web
portal the look and feel of Paypal and that’s recipe for a tons of
empty wallets and bill shock.
• International Revenue Share fraud. Minute bypass fraud is not
that attractive in the age of Skype but in countries such as Cook
Island in the Pacific, the international termination rate is more
like 60 cents, a magnet who fraudsters who hijack PBXs and
smartphones to ring up a fortune. One hopeful development here is
an Android-based app proposed by cVidya to detect, report, and
automatically block premium rate service calls and malicious
botnets on the device.
• M2M fraud is another looming issue. Automatically activating
thousands of SIM cards at once is powerful capability, but it
brings with it great risk. In South Africa, people have been
arrested for stealing SIM cards from traffic light systems and
turning them into platforms for international revenue share
fraud.
Area or Problem Space
Fraudster Threat
Traditional Focus
A threat for the security department to handle.
Fraud detection is the enterprise or retailer partner's issue to
worry about on their own.
Future Trend
Many entry points: DPI, sales, dealers, M2M networks, even insider
fraud.
Professional Criminals doing Identify theft, IRSF, and PBX hacking.
Also, broadband users abusing their terms of agreement.
A risk appraisal of vulnerable areas in coordination with security
directs priority of fraud assurance effort. You can no longer
investigate everything because IP fraud footprint is too big.
An integral aspect of fraud assurance, particularly as smartphones
become a major IRSF launch pad.
Help the enterprise or retailer so fraud doesn't cause my partner
to go bankupt.
FRAUD ASSURANCE
2 8
• User abuse of mobile broadband plans. Much of tomorrow’s FM focus
will be monitoring user abuse, not just fraud. The fraud department
will have full visibility over shared data plans and other bundling
schemes, providing invaluable intelligence to marketing on how to
best tweak usage limits and policies to maximise customer
satisfaction and curb users taking unfair advantage.
Focus on the most important threats The new threat gateways are so
numerous that CSPs can no longer afford to develop technical
solutions for every threat. And understanding where to focus a
CSP’s fraud and security energies and resources is no easy
task.
Fraud expert, Mark Johnson, of The Risk Management Group is
sounding the alarm that CSPs need to radically improve their
methodology: “Making the right choices will require a much broader
intelligence: an understanding of fraud and security infrastructure
such as traffic usage data, IP intrusion appliances, and physical
barriers,” says Johnson. “But also key is real-life experience in
fighting criminals and devising strategies to anticipate their next
moves.”
In the past, the goal of fraud departments was to investigate every
data anomaly – turn over every rock. But you can no longer do that.
Today, you need to look in a focused, more strategic way because
the risks are so many and so widely dispersed.
CSP executives are asking the right questions: “Show me where I’m
at risk and where I’m most vulnerable?” And that’s reflected in the
way FM budgets are approved. The teams who get the money these days
are the ones who are risk-aware and can cite specific threats,
figures and KPIs.
Big data finds the outliers Fraud managers fully recognise they
need to reinvent themselves, especially now that the IP/mobile
broadband typhoon has made landfall.
In short, fraud managers need to investigate areas outside the
classical boundaries that have hemmed fraud managers in. It’s no
longer just about analysing CDRs: numerous other data sources have
entered the mix as well.
And big data platforms have become a highly welcomed comrade to
fraud assurance pros. The reason? Big data enables you to see
outliers you could never find through statistical sampling.
Here’s a true story courtesy of TEOCO. A CSP in New York City
couldn’t understand why its wireless network in the city was
experiencing a major slowdown every business day from 9 to 5
o’clock. When big data was put on the case, the culprit was found
to be a single taxi company. Using a free, all-you-can- drink
wireless account originally set up to handle credit card
transactions, the taxi company was piping videos to the back seat
of its cabs so customers could watch movies and TV as they ride to
the airport.
Here was one company out of a million, but the damage it caused was
tremendous. And the problem went undetected because it lived
outside the boundary of what fraud managers were trained to look
at.
Fraud management for enterprises and wholesale partners One rather
creative way fraud managers are adding value these days is reaching
to their enterprise customers and wholesale partners to give them
an assist with fraud monitoring.
For enterprise clients, one particular area of promise is feeding
vital intelligence to them about PBX hacking. Not only does this
fraud alert service increase the stickiness of an enterprise
customer, it also boosts the reputation of the fraud department
within the larger CSP organisation because fraud management is no
longer seen as mere cost centre. The fraud department is adding
value by reducing enterprise customer churn or maybe even
generating some revenue on its own via a managed service
offering.
Likewise, it makes great sense to protect your MVNO partners from
goes under. If they go bankrupt, there’s liable to be a big fat
network bill that doesn’t get paid.
On the technical side, of course, monitoring fraud for a wholesale
partner is quite a challenge. You see huge volumes of traffic
passing by, but you lack the customer details to set the context,
so it’s often tough to determine: “Is this a fraudulent case or
valid payable traffic?”
The rising value of network assurance Provisioning validation and
stranded assets checks have always been major focus points of
revenue assurance, but odds are that network assurance will become
far more critical in the years ahead.
LTE will raise expectations of greater service quality and an
expanded access to TV and movies on demand. And it puts a big
burden on ensuring the extra capacity is there.
2 9
And the tie-back to customers is knowing that a bank branch in a
certain region is vulnerable to losing quality coverage. So
connecting that intelligence back to customer usage stats makes it
easy to prioritise network capex, migrations and proactive
maintenance.
Name any major accounting firm in Europe. If a senior partner at
that accounting firm can’t get through to an important customer,
there’s justification for ditching the current network
provider.
Pricing isn’t the issue, it's availability: a service business
like
accounting makes money by being available to its clients. So in the
future, revenue assurance may be less about checking bills and more
about roaming the city streets with geo-locating phones or even
working with Radio Network Access reports that show network
connectivity in high traffic areas of the city. By checking call
durations and signal strength, you exactly mimic the customer
experience.
But it’s not just radio signals you’re monitoring – it’s virtual
revenue. The currency of the day is greater customer satisfaction
and a chance to take business away from a rival whose RA team has
its head down auditing invoices.
Area or Problem Space
Nework Provisioning & Capacity Planning
Visibility over network stranded assets is poor. Capacity
allocation is primarily a long term planning activity.
Firefighting response to crisis with poor visibility to who gets
priority help.
Future Trend
Network Provisioning to optimize capacity, redundancy of network
CAPEX. Capacity also allocated in near real-time to support VIP
customer experience.
Proactive and first-alert response to ensure VIP customers are
taken care of.
NETWORK ASSURANCE
3 0
Company summary cVidya is a supplier of revenue analytics solutions
to communications and digital service providers. With its 15 years
of revenue and fraud assurance experience, big data platform and
analytical applications, cVidya enables CSPs to optimise profits
and enhance decision-making.
cVidya’s client base comprises of more than 150 CSPs, including
fixed, mobile and international carriers, as well as triple/
quad-play, ISPs, MVNOs, cable, and media operators. Tier one CSP
customers include British Telecom, Telefónica/O2 Group, Vodafone
Group, Orange, AT&T, MTN South Africa, Swisscom, Deutsche
Telekom, Bell Canada and Sprint.
Revenue & Fraud Assurance credentials cVidya offers three major
solutions in business assurance:
• MoneyMap Revenue Assurance is an end-to-end, carrier- grade suite
of revenue assurance products designed to address all aspects of
revenue-related risks.
• MoneyMap Risk Management is a SaaS-based platform that enables
managers to evaluate their practices while proposing risk
mitigation plans and minimising the exposure through enhanced risk
management methodologies.
• FraudView Fraud Management is the most widely deployed Fraud
Management platform in telecoms. FraudView now checks for open
garden fraud where mobile applications disguise themselves as free
apps so usage is not charged.
Key differentiation cVidya is an innovator in business assurance.
It was the first to deliver a sales channels risk solution to
verify commissions and identify potential dealer fraud in the
mobile market. Today it’s a leader in helping CSPs assess
operational risks so they can adjust their revenue assurance and
fraud strategies, focus on the biggest threats and better align
with the business priorities.
Competitive pressures cVidya is expanding its business assurance
platform to serve broader analytics use cases, so it now competes
with players who specialise in big data analytics. cVidya’s
differentiator is to offer its customers an Insight BI layer on top
of the RA and FM platform they already own; marketing analytics
capability looks at customer usage, locations, OTTs and content
types; transformation assurance checks for revenue leaks during
system migrations and reduces the number of price plans; margin
analysis delivers service profitability across fine-grained market
segments. In short, cVidya offers one analytics platform serving
business protection and business growth.
Company Summary Telarix is a provider of wholesale
(carrier-to-carrier) systems that manage the trading, routing and
billing of wholesale voice, data, SMS, video, and other content.
The company also develops and maintains iXLink, a global
information exchange for wholesale business. Eighteen of the
largest 20 CSPs in the world are customers including Telecom
Italia, Deutsche Telekom, Verizon, China Mobile, Telefónica, Telus,
AT&T, Skype, Orange, América Móvil, and Embratel.
Revenue assurance credentials Telarix has taken revenue assurance
for carrier management to a new level by putting billing, trading,
and routing in one integrated data warehouse. Key modules of the
Telarix suite include:
• iXLink is a neutral information exchange platform that enables
carriers, resellers and emerging market providers to automate
interconnect processes and share documents.
• iXTools is the internal-managed data warehouse that allows
wholesalers to control and optimise their wholesale business and
settle payments with partners. Underlying modules within iXTools
include:
• iXBill is Telarix’s interconnect billing system. • iXAudit is an
end-to-end audit and dispute management
system. • iXRoute automates least cost (or optimal) routing
processes
as it analyses costs, margins and network conditions. • iXTrade
automates the wholesale buy and selling processes.
Key Differentiation Telarix’s strength in the wholesale sector
dates back to 2007 when Verizon, Deutsche Telekom and Telecom
Italia asked Telarix to create standard processes for them to
exchange price lists and contractual information. That was the
genesis of iXLink, the business exchange that is used today by
3,000 carriers around the globe and performs millions of monthly
transactions.
Competitive Pressures Telarix’s iXTools has been a high-end
Ferrari-style data warehouse tailored to the needs of tier one
CSPs. A year ago, Telarix introduced the SaaS version of iXTools
which brings the price point down to a level where tier two and
three CSPs can buy the solution. iXBill, a relatively new product,
competes with rival interconnect billing solutions that have been
deployed over a decade or more. To differentiate, Telarix stresses
the revenue assurance and business optimisation benefits of having
billing, trading and routing in one platform.
3 1
About Technology Research Institute Technology Research Institute
(TRI) is a boutique market research firm that has been tracking
telecoms BSS/OSS developments since 1994. In 1996, TRI published
the first-ever syndicated research reports on fixed and mobile
billing systems. In recent years, TRI has focused on business
assurance and analytics. In 2013, TRI published a sweeping
40-vendor, 515-page report on the market for ‘Telecom Analytics
& Big Data Solutions’. Dan Baker, TRI’s research director, is a
regular contributor to Vanilla Plus.
www.technology-research.com
Company Summary WeDo Technologies is a specialist in revenue and
business assurance, providing software and expert consultancy to
analyse an organisation’s big data and protect revenues, save costs
and make the operation and business more efficient with a
significant ROI. WeDo Technologies’ 450 professionals work with
companies in retail, energy and finance industries, and with 140
CSPs in more than 80 countries. Reference customers include: Orange
Group, Vodafone Group, Verizon Wireless, Telefónica, Oi Brazil,
DiGi Malaysia and Etisalat Egypt.
Revenue & Fraud Assurance credentials WeDo’s RAID 7 is a
revenue assurance and fraud management business auditing software.
Its main telecoms industry business modules include: • Revenue
assurance – Eliminates revenue leakage by
reconciling consumption information, pricing and billing
systems.
• Traffic analytics and cost management – WeDo Technologies’
netCLARUS analyses billions of records to help identify, monitor
and reduce variable network operating expenses and positively
impact profitability.
• Rating and billing validation – WeDo Technologies’ RAID:RBV is an
independent rating and billing auditing solution for complex and
convergent pricing schemes.
• Fraud management – WeDo Technologies’ RAID:FMS 7 provides
real-time protection for legacy and next generation services by
identifying suspicious fraud and abuse activity.
Key differentiation WeDo Technologies is the market share leader in
revenue assurance. The company is committed to delivering long-term
profitability and efficiency gains to each customer’s business. It
does that by ensuring its software solutions optimise process
efficiency, make analysts more productive, deliver better system
performance and satisfy users. RAID 7, WeDo Technologies’ new
software suite, brings rich collaboration tools to the suite as
well as better detection, prediction and optimisation to improve
the accuracy of rules during root cause analysis.
Competitive pressures WeDo Technologies distinguishes its products
from those of rivals by emphasising its superior collaborative
abilities. WeDo is a global software development and integration
company known for its skill in executing programmes and working
well with customers. As a business unit of the retail and telecom
conglomerate Sonae, WeDo enjoys strong financial backing and has
achieved 12 consecutive years of positive EBITDA, allowing it to
continue to make strong yearly investments in research and
development.
3 2
The author, Efrat Nissimov,
is director of product
management at cVidya Networks
Transformation is a regular, on-going activity in any CSP's life.
It’s not only the big bang transformations that impact entire
organisations, it’s a series of mini-transformations that put CSPs
in a constant state of change. At any point in time about 25% of
CSPs are involved in some form of system transformation or another,
be it a billing migration, CRM replacement, new network roll out,
or a major NMS upgrade. Here Efrat Nissimov introduces the concept
of transformation assurance
t cVidya, we know these system transformations and network
migrations are a big deal: they are major revenue- impacting
events. So to highlight their importance we have proposed a new
revenue assurance buzzword:
transformation assurance.
Data integrity From a revenue assurance point of view, whenever a
transformation occurs, it should raise a big red flag. Why –
because data integrity issues are bound to crop up as CSPs move
vital information from a legacy system to something new.
So what needs to be checked? Many things. For instance, if it's a
billing system migration, CSPs want to be sure that all price plans
and the many attributes of those price plans were copied
successfully to the new system. Did all the tariff tables get
converted? Did all the business rules move over?
Likewise, in a CRM replacement, CSPs want to be sure all
subscribers and their profiles were moved over properly – and that
subscribers are aligned with the right pricing plans, the product
catalogue and services. The same sorts of integrity checks apply to
any BSS, OSS or NMS (Network
Management System) system being transformed. There can be many
sources of error: anything from complex technical glitches to
simple human mistakes. The scale of telecoms operations also
contributes to problems.
Challenges of LTE launch When a CSP is launching a new LTE network,
the data integrity challenge is huge because an entirely new
network is being introduced. One key area to double check is the
information being moved from the HLR (Home Location Register) to
the HSS (Home Subscriber Server). The data must be aligned
correctly, otherwise subscribers will not receive services or they
will receive services they are not being billed for.
CSPs also need to ensure that the integrity of porting and
mirroring to new network elements is solid. The process is even
trickier because LTE brings with it new QoS-based and consumption-
based rating schemes, so those need to be checked as well.
Whenever a variety of network elements come into play like that,
not only must the integrity be there, CSPs also need to check for
revenue leaks and conduct a margin analysis. Otherwise they could
end up provisioning services in unprofitable ways.
Migrating systems or launching LTE next year? don’t forget
transformation assurance and optimisation
A
3 3
Now performing such vital transformation integrity checks is a
pretty straightforward task for a company like cVidya. For us, it’s
a matter of adding new KPIs and revenue leakage controls. We
conduct such assurance checks for clients on a managed services
basis. Usually we bring in a small team of our own experts to
overlook the process and run the analysis on cVidya's own backend
systems.
A perfect time to perform pricing plan optimisation Many CSPs
recognise that transformation is the perfect time to do some system
house cleaning. And one particular area that cVidya sees a lot of
value in is streamlining price plans.
To give an example: one mobile operator customer of ours has 52,000
price plans – they haven't cleaned their price plans for 14
years.
Maintaining such a high number of price plans is very costly. The
most obvious cost is the time and effort required to maintain those
price lists and make routine rating plan changes to them. Plus,
there are many hidden costs such as CSR training, invoice template
maintenance, revenue leakage and others. Another big item is
hardware and associated technology costs. Keeping old price plans –
especially the ones with a minimal amount of customers related to
them – on costly servers and storage prevents CSPs from moving them
to economical blade servers and disk farms.
But what if you could reduce your number of price lists
significantly? From our experience CSPs can save millions a year in
this process.
So what can be done to reduce the number of price lists and
optimise the migration of customers in the most optimal way?
Figuring that out is a fairly complex undertaking. The 10,000
subscribers who sit on a legacy plan should probably be moved to an
array of modern rating plans, but randomly moving subscribers
doesn’t work because the CSP needs to figure out how that movement
will impact ARPU and subscriber usage.
In short, CSPs need to gain a marketing or price view of their
price plan migration. cVidya offers this analysis as a managed
service where we bring in
our dedicated pricing experts and backend systems.
As you well know, billing migration is a huge project that often
takes two or three years to complete. In that time, the billing
staff usually has their heads down working with the billing vendor
or systems integrator to get the job done. For this reason, I
think, an outsourcing arrangement makes sense. The pricing plan
migration is very straightforward: no need to implement a software
product or get trained on it. It's a service.
At cVidya, our process of paring down price plans starts by
analysing the current situation. For instance, how many subscribers
are on each price plan, and what does each price plan includes in
terms of products, tariffs, services and so on? Only when the CSP
knows that can it move on to group price plans into families or the
categories discovered during the analysis phase. Ideally the CSP
wants to group together price plans with similar tariffs and
services. Another goal is get rid of unprofitable price plans and
price plans that have few subscribers.
The next phase is to perform deeper analyses on the
groups-to-migrate so the CSP can determine what the target pricing
plans should be. All these proposed pricing changes are then
simulated in the systems so the CSP can measure the impact they
will have on its ARPU and network.
In most cases, customers won't even notice they've been moved to
the new price plans. In other cases, the CSP will incentivise
customers to move to the new plans, perhaps developing a marketing
campaign or two for that very purpose so the CSP can begin the
gradual process of migrating customers to plans that support their
customer experience and profit objectives. Done right, the system
or outsource team the CSP hires will be able to calculate next best
action recommendations for individual subscribers.
Checking for data integrity issues is critical during any
transformation activity, but performing data validation checks is
easy when there’s a managed services team for the CSP to turn to.
Likewise, maintaining a huge number of price plans drags the
efficiency of the CSP’s billing shop down. So transformation is the
perfect time to tackle that issue too. www.cvidya.com
3 4
The machinery of revenue assurance is a lot harder to fine tune now
there are so many moving parts. But it’s the variety of services
that makes all the difference. So choosing the right system has
never been more crucial, writes Nick Booth
hen communications services went beyond voice into broadband, TV,
games and all kinds of content on demand, the control of these
services became a lot more
complex. But without a fair system of checks and balances, the OTT
players will soon become a source of discontent.
Thanks to intruders like Sky and Netflix, consumers have come to
expect seamless delivery. If Sky can get its pictures running on
TVs, mobiles and tablets, they argue, so should their mobile
operator.
The fact that Sky and Netflix started their journey from a
different place means nothing to the customer. The customer doesn’t
want to pay twice
Can CSPs handle the multi-partner pressure?
R E V E N U E A S S U R A N C E
W
John Brooks, Subex: Understanding each others’ motivations is
important
Carlos Marques, WeDo Technologies: First you must assess how badly
they’ll hurt you
for watching the second part of a film on a different device and
these days the customers have much higher expectations and
bargaining power. The complexity of delivering all these services
is multiplied by the explosion in the number of devices they can
run on.
In one aspect, CSPs have an advantage in that they’ve experienced
similar problems before. “Remember leaky PBXs? This is a bit like
that,” Vic Bozzo, worldwide sales and marketing director for
revenue assurance vendor Telarix. Though the wound is more complex,
the discipline of plugging revenue leaks is essentially the same.
There’s a lot more data on the problem this time. The challenge is
in coming to grips with all the masses of information.
Now that CSPs are connecting people on a wide range of devices and
networks (3G, 4G, even Wi-Fi) that means bundles and pricing must
become delivery method independent. The good news is that service
assurance systems are becoming more reliable, according to Andy
Gent, CEO of Revector. They have better built-in checking and the
integration between the different sub-systems and real-time
charging is being driven by increasingly powerful computers. “The
percentage of errors generated through system incompatibilities
will diminish,” says Gent, “but the traditional revenue assurance
systems, designed to identify these errors, will become less
viable.”
However, apps like paid-for location based content will need much
more complex revenue assurance systems. They need to cope with
multiple partners - each needing their own settlements from the
network provider. This moves reconciliations away from customer
records and more towards reconciliation with partners.
Whoever manages those relationships between partners, CSPs and
consumers holds the key to service. Sometimes this is done by an
independent aggregator, sometimes by a service provider, but it’s
increasingly rarely the revenue assurance specialists. “Traditional
revenue assurance functions and systems are becoming obsolete,”
says Gent.
The shift from TDM to IP has had multiple effects on the discipline
of service assurance, says Telarix’s Bozzo, whose platform allows
carriers to bill, settle
and make routing decisions further up the chain.
“There was a whole lot of new call flows, creating lots of data
which needs to be analysed,” says Bozzo. Service assurance is, in
this case, a question of spotting patterns in that machine data and
figuring out what they mean. There is also a lot more cross border
data being created, as well as messaging data from the likes of
What’sApp. But this challenge creates an opportunity because this
big data could be eventually tamed and harnessed to work in the
CSP’s favour.
If big data can be tamed – and that is a big if – then the CSPs
need service assurance vendors to help them tackle the complexity
of modern relationships, says John Brooks, vice president of
product management at Subex.
“Agreements are more complex now,” says Brooks, “the third party
may be collecting the revenue and sharing it with the CSP, or vice
versa. But they will have different priorities in the issues they
tackle. “A minor suspense issue for the CSP could be a high
proportion of the third party’s revenue,” says Brooks, “so
understanding each other’s motivations can be useful.”
The need to sort out their motivations pretty quick, says Carlos
Marques, product marketing manager at WeDo Technologies because any
degradation of services has a serious impact on customers and
tarnishes the brand.
The new players in the revenue chain like Skype and Netflix - who
have no legacy to contend with - have caused margins to be thinner
because their efficiencies mean they can live on them. So there’s
little room for error during the management of risks.
“First you must assess how badly they’ll hurt you,” says Marques.
“CSPs should tool themselves up with monitoring and auditing
systems filled with automated warnings of pre-identified
risks.”
In that context, fraud management, revenue and cost assurance,
customer experience and risk management are definite areas where
CSPs can benefit from automation.
OK, that sounds a bit more complex than a leaky PBX, but this time
there’s more information available. Possibly too much
information.
3 6
vice president of worldwide sales and marketing at Telarix,
(pictured) and Michael Elling, the
principal of Information Velocity
Partners LLC
The GSMA has identified no fewer than 45 known fraud types that
service providers must contend with. Fraud has always been around
and the bad news is that it is likely to get worse before it gets
better, write Vic Bozzo and Michael Elling
revention, detection, investigation and correction are all actions
CSPs can take with the right tools. The two major reasons fraud
exists are vulnerable service provider systems and inefficient
settlement and tariffing regimes. Not a lot that can be
done about the latter in the short term, but a fair bit can be done
today by the service provider to combat the negatives of IP’s
open-ness.
IP was developed as a private end-to-end packet protocol that never
expected to be a public protocol. It scaled as digital economics
overwhelmed analogue beginning 30 years ago initially across wide
area – internet – networks and then local networks.
Ultimately IP entered the access and metro networks – wired and
wireless. It’s sheer scale and open-ness means IP has become the
protocol to rule all protocols for voice, data and video,
regardless of whether it was the best technology for all services
and markets.
But the same things that make IP appealing – flexibility, cost,
simplicity – make it a target for fraud. Any boundary point or
component that has an IP connection is vulnerable. This implies
that any party knowingly or unknowingly can be a participant in the
fraud. Add to that the fact that knowing the origination, path and
termination of a VoIP call is often impossible while the call is
happening.
To quote a leading industry vendor: “VoIP is about convergence,
saving money and resources.” This may appear to be paradoxical
given all the obvious and real dangers. Furthermore, one might ask:
what happened to growth in new services and new markets? We believe
therein lies a major problem with fraud, namely that CSPs are
spending the majority of their time and resources thinking about
the customer relationship (convergence) and handling those
converged services (money and resources) without giving sufficient
thought to transiting traffic to other CSPs and working with other
CSPs to develop new market opportunities.
Dedicating more resources to the latter serves two purposes, namely
reducing the fraud that has developed as a result of legacy
settlement and competitive structures in developing markets and,
additionally, serving as the basis for growth of new
services.
Transition to IP What seems to have been forgotten in the
transition from TDM to IP was the important interworking standards
that developed over the past 100 years in the analogue PSTN markets
for clearing supply and demand north-south between the application
and network/transport layers and east-west between CSPs. Without a
clear view of the path we’ve opened up the market to a replay of
what happened in the 1980s-90s in the PBX market, only instead
of
CSPs need to play defence and offence to combat fraud in an all-IP
world
P
auto-dialers we have banks of asterisk platforms
robo-dialing.
As many wrestle with where to focus their energies to combat fraud
– at the origination point, in the IP session or path, or after the
fact – we find that there are pros and cons to each and that a
blended approach is the best route. Below we look at the numerous
on-net and off-net solutions service providers should consider to
both combat fraud and set the stage for new service creation and
growing revenues with respect to their OSS systems and of- net
settlements.
New tools and functionality The first step is to look at internal
systems and figure out which ones are disjointed and might
contribute to duplicate reference data and rating tables. Combining
trading, routing and settlement systems in one platform and having
an integrated solution/view is absolutely critical. This also has
the added benefit of more efficient operations and lower
maintenance and support costs as well as upfront integration costs.
The result, in addition to fewer insecure steps and processes, is
rapid end-to-end visibility and more consistent data.
Further preventative steps can be taken by implementing quality
assurance platforms. In addition to regularly testing
interconnections, such tools can regularly check for compliance and
performance that prevents or limits fraud from occurring based on
benchmarks established by the system.
The move to real-time systems Regardless of the investment in
improved processes and systems fraud will happen. Therefore
real-time monitoring is critical. Robust dashboards that handle
complexity easily and can be easily monitored and work across all
OSS/BSS components are essential. The ability to interface directly
with switches is important as well for real-time intervention.
These are useful to limit instances of fraud, but once fraud has
occurred the same systems need to provide a strong suite of audit
and reconciliation tools to support disputes and limit total losses
beginning with automated bill receipt for electronic bill
verification, extending to financial management, and then to
flexible and rapid resolution.
Automated responses and policy An important element of any solution
is carrier blocking capability at the switch level, along with the
ability to set policy levels. Any solution needs the requisite
alerting, alarming, and the ability to take action in routing
tables and dispute management swiftly. Automated and dynamic policy
based routing is essential but of course the entire process starts
with automating the development of contracts to remove potential
errors or openings due to human oversight, as well as the ability
to flexibly handle rating structures across both voice and data
solutions.
The need to share data Even if all the above measures are
implemented, service providers will benefit from sharing data,
processes and policies with other carriers. Neutral exchanges may
well develop in the future to both alert individual CSPs and make
the entire community aware of and safeguard against threats.
Today’s solutions stop at the carrier border, but it’s increasingly
becoming apparent that any solution implemented today needs to be
future-proofed with the possibility to incorporate aggregated data
from neutral third parties.
Any solution should also be future-proofed with the ability to
facilitate new service creation. CSPs need to recognize that OTT
providers made rapid inroads precisely because they weren’t
constrained by artificial geographic, market or application siloes.
Likewise CSPs need to work together to introduce new services that
securely and cost effectively transit borders rapidly and in the
process stimulate customer demand for new, high-capacity/definition
voice, audio, data and video services.
As the saying goes, the best offence begins with a good defence.
But in this case the best offence may well be a good offence.
Service providers in the new IP world need to be proactive by
guarding against internal and external threats by first reviewing
internal systems, then looking externally for third party and
exchange data and finally by cooperating with other carriers in
order to be relevant to end users, providing value and generating
ROI. CSPs can work together to combat fraud and in the process
establish new pathways to service creation in an all-IP world.
www.telarix.com
The telecom big data software & services market has taken off
and is a major industry paradigm shift with extraordinary
promise.
But vendors and telecoms are desperate for intelligence so they can
capitalize on the opportunities. Now TRI's 526-page analyst report
sorts out the confusion and profiles the roles of 42 key vendor
analytics players.
Publish Date: Nov 2013
Report Price: $4,990 Full corporate license
Quality Guaranteed or your money back
Delivery: MS Word/Excel HTML w/full search
Data: Market Share & Forecasts to 2018
Free Analyst Time: Dan Baker, Author
Please scan the table of contents, summary, and all details at web
URL below.
See why this report delivers the tactical and strategic information
you need to fully profit from the telecom big data and analytics
megatrend. As with all TRI reports, your satisfaction of research
quality is 100% guaranteed.
For table of contents and ordering details visit:
http://technology-research.com Technology Research Institute (TRI)
-- BSS/OSS research since 1994
Dan Baker, Research Director --
[email protected] --
Tel: 1-570-620-2320
The Telecom Analytics & Big Data Solutions Market
FINALLY. . . AN IN-DEPTH ANALYST REPORT ON:
Operating in a competitive international traffic market, MTN, the
South African CSP, wanted to improve the quality of service it
offers and increase operational profitability. Here, the company
tells VanillaPlus about its deployments of inter-carrier traffic
management systems from CSG International
TN South Africa is part of MTN Group, a multi-national telecoms
company that has more than 152 million subscribers across
operations in 21 countries in Africa and the Middle East.
The South African operation has market share of approximately 37%
and provides voice, data and telemetry offerings and solutions to
its 20 million customers in the country.
MTN has invested substantially in submarine cables to improve
broadband capacity and give its customers world class internet. The
operator is the single biggest investor in the West Africa Cable
System (WACS), a submarine cable that links South Africa and the
west coast of Africa with Europe. MTN South Africa has also
invested in the Eastern Africa Submarine Cable System (EASSy), a
fibreoptic cable system that links South Africa and the east coast
of Africa with Europe.
“International traffic is a core element of our business, and the
establishment of a best-in-class traffic management practice will
help us deliver a distinct customer experience while growing our
strong position in the highly competitive South African telecoms
market,” says Sethunya Mbete, general manager, carrier services at
MTN South Africa
This wholesale and international capacity has seen the company turn
to CSG International to optimise inter-carrier traffic management,
improve quality of service and increase operational profitability.
In addition to deployment of the vendor’s Wholesale Business
Management Solution (WBMS), the operator has added CSG Route and
CSG Assure.
CSG Route is one of the most widely deployed routing and trading
systems in the world. It promotes fast, flexible rate negotiation
in addition to optimised traffic routing and discrepancy
resolution. CSG Route enables MTN wholesale customers to keep pace
with the constantly changing trading, routing, and quality
variables in its network. Uploading new rate changes once took MTN
weeks to complete, but with CSG Route, rate changes can be
completed at the click of a button.
CSG Assure verifies quality of service and detects any instances of
fraud in MTN’s international voice traffic, improving MTN’s
customer and inter-carrier revenue. Mbete sees this as particularly
important in improving and extending the operator’s international
calling proposition for retail customers in South Africa that call
neighbouring countries.
“Our continued investment in the CSG WBMS platform will enable us
to improve our retail proposition in the South African market for
international calling, especially in neighboring countries using
the MTN network,” he adds.
George Fraser, vice president, EMEA, at CSG International,
emphasises the significance of international traffic management.
“Buying and selling international traffic is a critical component
of the wholesale business,” he says. “MTN South Africa’s addition
of CSG Route and CSG Assure to its CSG WBMS platform can quickly
deliver improved traffic management, strengthening MTN’s
competitive position in the region.”
M
3 9
The establishment of
a best-in-class traffic
distinct customer
experience while
director of strategic planning
at Ericsson
Are we doing enough to enhance the security of networks as we
advance from old circuit switched technology to all-IP LTE and SDN
networks, asks Paresh Shah
decade or so ago, the main sources of revenue losses for a CSP
contributable to OSS/BSS systems were relatively straightforward
and encompassed within four categories:
• CDR mediation errors or incorrect processing of CDRs •
Subscribers not paying their bills (collection issues) •
Subscribers leaving to competition, and • Fraud (internal or
external)
At the time, many vendors promoted and CSPs confirmed that prepaid
service was a good solution to solve the first three of the four
main issues. Prepaid systems allowed CSPs to first authenticate the
user, authorise the service, and charge the user account in advance
of delivering the service. This immediately eliminated revenue
losses due to CDR mediation or processing errors as well as
collection issues. However, not all subscribers and enterprise
accounts could be converted to prepaid and hence the revenue losses
were minimised and not fully eliminated.
Many CSPs segmented the market by various characteristics such as
gender, income levels, residential/business or individual/family
and launched focused marketing campaigns accordingly. By
communicating the benefits and rewards in real-time, it allowed
them to build a much higher level of loyalty with their subscriber
base. Prepaid subscribers did not have to sign a contract with
their CSP for a minimum period unlike postpaid customers, and
therefore
subscribers had a choice to switch to a lower priced CSP by simply
swapping the SIM card on the phone.
This led to price war between competing CSPs yielding more
innovative promotions geared to encourage higher spending and
loyalty to increase ARPU. In most countries, the revenue was
recognised as soon as the funds were deposited in the account as
opposed to when they were used. This also helped CSPs’ revenue
recognition policies. Most implemented a time limit by which a
subscriber had to either use up the funds or deposit more funds to
extend the expiry date of the funds – further increasing CSP’s
revenues.
The underlying technology that made prepaid possible was IN
(Intelligent Networks). In wireline networks it was INAP while in
mobile networks it was either CAP (CAMEL Application Protocol) in
GSM or WIN (TIA/EIA/IS-826) in CDMA networks. All of these
protocols used SS7 (Signaling System 7) to transport the messages
between the Signaling Switching Point (SSP) and Service Control
Point (SCP). SS7 is packet based protocol and as such required a
completely separate network than the user bearer traffic which was
Circuit Switched (TDM). This separation of networks for signaling
and bearer minimised any potential threat of users being able to
hack into the signaling network to cause disruption or fraud. With
the improved quality of fibre transmission lines, to handle higher
signaling traffic load, most networks have now migrated to SS7 over
IP (IETF SIGTRAN). As for the data charging in 3G and charging for
all services in 4G networks, the 3GPP standards have
New networks and new services add up to new threats for CSP
revenues
A
4 1
adopted the Diameter interface to OCS (Online Charging System) and
billing system. In this architecture, there is no more distinction
between payment methods. The distinction is online versus offline
charging. All events are authenticated and reported in real time.
The main difference is in offline scenario, the service is rendered
without waiting for pre-authorisation. This architecture requires
OCS/ billing domain to be in constant communication with the
network elements carrying bearer traffic.
LTE architecture is much flatter than 3G and is much more IP
centric. In LTE, the user plane is only encrypted up to the eNodeB
located at the cell site, whereas in 3G it is encrypted all the way
back to RNC (Radio Network Controller) located in the base station.
This leaves the user traffic to the backhaul unencrypted. This is
because, in LTE the radio resource control (RRC) is managed by
eNodeB and the MME in the core, the RNC node is eliminated
completely. In the event that an attacker is able to penetrate the
cell site, they have a direct shot at the core of the LTE network,
whereas in 3G their path to the core would be blocked by the RNC.
Also, in LTE there are many more signaling and bearer paths between
the network elements than there were in 3G allowing for
peer-to-peer signaling between cell sites. With more and more
deployment of micro cell sites, this will further increase the
potential for security threats as they are not necessarily always
deployed in secure well protected environment.
As a result of all these network changes and increasing threats
from internal hackers, the CSPs are now demanding banking sector
like security management from OSS/BSS vendors. Simple user
name/password with audit logs are no longer sufficient. More and
more vendors are now using open source code as part of their
software product making it vulnerable to malware. Many CSPs are
demanding clarity of open source code use before making purchasing
decisions.
BSS on a disk or software only BSS ready for deployment in cloud
are some of the new buzz words used by many vendors to decouple
hardware and software. In principle this is very possible, however,
this requires much higher level of security consciousness on the
vendor’s part. Typically, OSS/BSS software is not developed to
share the hardware it runs on with any other
applications. This is especially true for prepaid systems as they
were always delivered as turnkey solutions.
When such system is made ready for deployment in cloud, while the
CSP may assume the responsibility for handling the worst-case
traffic scenario, it will not accept the security vulnerability
that third party application may bring. If the CSP is going to
offer cloud services, it must provide federated identity and access
management as well as data encryption in storage and messaging.
This translates to security requirements on the vendor of cloud
applications. Audit logging is equally critical for cloud to allow
for monitoring and alerting including for Database Access
Management (DAM), Separation of Duties (SoD), Intrusion Prevention
Systems (IPS) and Data Loss Prevention (DLP). In general, for cloud
to succeed, it must play active role in security defence and be
seen as active extension of security parameter for cloud users –
whether individuals or enterprises.
Software Defined Network (SDN) architecture addresses these
security threats by separating the control plane from the traffic
plane and also centralising the controls. SDN is all about
standards based interfacing – limiting or eliminating proprietary
implementations. SDN architecture gives ability to introduce
security flexibly anywhere in the network. For example, SDN
technology can help administrators to route all traffic through one
central firewall to facilitate real-time capture and analysis of
IDS and IPS data.
This enables better security management and allows introduction of
dynamic control – so denial of service can be detected or deeper
analysis can be orchestrated, for example. It also separates the
database from application layer and thereby enforcing better
practices for secured access to database. With the service exposure
layer, the third party applications have controlled access to the
database and not direct access as if the database was part of the
build. SDN is still new and as it helps solve many concerns, it
will also bring about new concerns. It will have to live up to many
of the reliability, availability, and scalability requirements that
most CSPs are used to. Scalability will be enhanced but
availability will be a challenge. In terms of reliability, more
work is needed and standards bodies are working on it.
BSS on a disk or
software only BSS
ready for deployment
the new buzz words
used by many vendors
www.ericsson.com
Malware, viruses and DNS attacks mean it sounds like the industry
is sick and it’s clear that all these threats are escalating. Jonny
Evans explores how security impacts on revenue and fraud what CSPs
doing to protect their users and their businesses
alware is a big business and it's a business that's booming.
Juniper Research claims over US$58 billion is lost to fraud, while
the Communications Fraud Control
Association (CFCA) estimates fraud losses at around US$46.3 billion
per year. That's a huge chunk of global CSP revenues disappearing
way before they hit the balance sheet, so with so much at stake are
CSPs doing enough to protect themselves and their customers?
The CFCA recognises the biggest telecoms frauds include: • PBX
Hacking • Identity Fraud • International Revenue Share Fraud •
By-Pass Fraud • Credit Card Fraud
Revector CEO, Andy Gent runs a fraud and revenue protection company
that provides services to mobile operators in more than 80
countries. He
CSPs aren’t paranoid: they are out to get you
M
4 2
Andy Gent, Revector: Mobile is becoming a popular playground for
fraudsters
Tal Eisner, cVidya: CSPs are being dragged into adventures they
wished would never happen
warns: "Mobile is becoming a popular new playground for thieves and
fraudsters. This is largely because the mobile device is portable,
often not secured with a password or lock and contains access to
fantastic amounts of information about people’s lives and
work."
We've moved beyond the isolated geek engaged in phreaking. Modern
mobile fraudsters are well organised, creative and capable of
reacting to changes in the way CSPs manage their networks. For
example, AT&T subscribers were recently hit by a scam in which
criminals hijacked the SIM card inside phones to make international
calls. The network's response was to say it is working to educate
customers in the nature of mobile risk.
Alan Carter, cloud services director at SecureData agrees that
users – at an enterprise or a personal level – need to take some
responsibility: "Businesses need a strategy for mobile security and
they must make it clear to users," he says. On the other hand, "If
you don’t provide mobile services then the users will find their
own way in an uncontrolled and possibly insecure manner. Mobile
devices need to be managed as you would any other corporate
device."
This may not be enough. Mobile security poses other threats.
Disgruntled employees may introduce rogue apps into a company's
existing mobile deployment. Apps also threaten ordinary users who
may become infected when purchasing an app online. The official
stores seem relatively secure – malware carrying apps are unlikely
to be found in the Google Play and iTunes Stores which are popular
in the UK/US, but malware apps are far more likely to become a
problem in countries that prefer to use unofficial app stores, such
as the Asia Pacific.
"The entire process drags the CSP's into adventures they wished
would never happen," explains Tal Eisner, senior director product
strategy at cVidya. These impacts include the need to negotiate
with angry customers, financial disputes. CSPs need to protect
themselves against both reputational and financial damage.
It's not just customers who are subject to criminal activity:
"Often it is much more profitable to conduct a complex fraud
against an operator than it is to target thousands of customers,"
says Gent. "For example, one SIM card that is collecting
termination fees instead of an operator could be
worth up to $3,000 per month to a fraudster. We have seen thousands
of SIMs used in some countries – so that demonstrates the extent of
the issue. In some cases several hundreds of thousands of pounds
have been spent on equipment to commit frauds against operators –
whic